portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tay...@apache.org
Subject cvs commit: jakarta-jetspeed-2/portal/src/java/org/apache/jetspeed/velocity PortletWindowActionState.java JetspeedPowerTool.java DecoratorAction.java
Date Fri, 03 Sep 2004 18:23:41 GMT
taylor      2004/09/03 11:23:41

  Modified:    portal/src/java/org/apache/jetspeed/velocity
                        JetspeedPowerTool.java DecoratorAction.java
  Added:       portal/src/java/org/apache/jetspeed/velocity
                        PortletWindowActionState.java
  Log:
  part of Phase I and Phase II of JIRA issue
  
  http://nagoya.apache.org/jira/browse/JS2-111
  
  Securing access to portal resources
  We are now making security checks on actions (min, max, edit, help, restore) howver the
test always fails since there is no policy in place for every portlet in the system
  Thus I've reversed the logic (for now) so that every permission check passes
  Im now considering putting a default security permission definition for all portlets
  
  CVS: ----------------------------------------------------------------------
  CVS: PR:
  CVS:   If this change addresses a PR in the problem report tracking
  CVS:   database, then enter the PR number(s) here.
  CVS: Obtained from:
  CVS:   If this change has been taken from another system, such as NCSA,
  CVS:   then name the system in this line, otherwise delete it.
  CVS: Submitted by:
  CVS:   If this code has been contributed to Apache by someone else; i.e.,
  CVS:   they sent us a patch or a new module, then include their name/email
  CVS:   address here. If this is your work then delete this line.
  CVS: Reviewed by:
  CVS:   If we are doing pre-commit code reviews and someone else has
  CVS:   reviewed your changes, include their name(s) here.
  CVS:   If you have not had it reviewed then delete this line.
  
  Revision  Changes    Path
  1.21      +129 -54   jakarta-jetspeed-2/portal/src/java/org/apache/jetspeed/velocity/JetspeedPowerTool.java
  
  Index: JetspeedPowerTool.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed-2/portal/src/java/org/apache/jetspeed/velocity/JetspeedPowerTool.java,v
  retrieving revision 1.20
  retrieving revision 1.21
  diff -u -r1.20 -r1.21
  --- JetspeedPowerTool.java	3 Sep 2004 13:26:51 -0000	1.20
  +++ JetspeedPowerTool.java	3 Sep 2004 18:23:41 -0000	1.21
  @@ -18,13 +18,16 @@
   import java.io.IOException;
   import java.io.PrintWriter;
   import java.io.Writer;
  +import java.security.AccessControlException;
  +import java.security.AccessController;
  +import java.util.HashMap;
   import java.util.HashSet;
   import java.util.Iterator;
   import java.util.List;
   import java.util.Locale;
  +import java.util.Map;
   import java.util.Set;
   import java.util.Stack;
  -import java.util.Vector;
   
   import javax.portlet.PortletConfig;
   import javax.portlet.PortletMode;
  @@ -40,6 +43,7 @@
   import org.apache.commons.logging.Log;
   import org.apache.commons.logging.LogFactory;
   import org.apache.jetspeed.Jetspeed;
  +import org.apache.jetspeed.JetspeedActions;
   import org.apache.jetspeed.PortalReservedParameters;
   import org.apache.jetspeed.aggregator.ContentDispatcher;
   import org.apache.jetspeed.aggregator.FailedToRenderFragmentException;
  @@ -55,9 +59,11 @@
   import org.apache.jetspeed.locator.TemplateDescriptor;
   import org.apache.jetspeed.locator.TemplateLocator;
   import org.apache.jetspeed.locator.TemplateLocatorException;
  +import org.apache.jetspeed.om.common.portlet.PortletDefinitionComposite;
   import org.apache.jetspeed.om.page.Fragment;
   import org.apache.jetspeed.om.page.Page;
   import org.apache.jetspeed.request.RequestContext;
  +import org.apache.jetspeed.security.PortletPermission;
   import org.apache.jetspeed.services.information.PortletURLProviderImpl;
   import org.apache.pluto.Constants;
   import org.apache.pluto.om.entity.PortletEntity;
  @@ -119,16 +125,6 @@
   {
   
       public static final String FRAGMENT_PROCESSING_ERROR_PREFIX = "fragment.processing.error.";
  -    private static final int ACTION_MINIMIZE = 0;    
  -    private static final int ACTION_MAXIMIZE = 1;
  -    private static final int ACTION_NORMAL = 2;
  -    private static final int ACTION_VIEW = 3;
  -    private static final int ACTION_EDIT = 4;
  -    private static final int ACTION_HELP = 5;
  -    private static final String ACTION_STRINGS[] =
  -    {
  -            "minimize", "maximize", "restore", "view", "edit", "help"
  -    };
       
       protected static final String PORTLET_CONFIG_ATTR = "portletConfig";
       protected static final String RENDER_RESPONSE_ATTR = "renderResponse";
  @@ -156,6 +152,8 @@
       private Writer templateWriter;
   
       private Stack fragmentStack;
  +    
  +    private static final String POWER_TOOL_SESSION_ACTIONS = "org.apache.jetspeed.powertool.actions";
   
       private static final Log log = LogFactory.getLog(JetspeedPowerTool.class);
   
  @@ -793,89 +791,166 @@
           
          
       }
  -
  -        
  -
  -    
  +         
  +    /**
  +     * Gets the list of decorator actions for a window.
  +     * Each window (on each page) has its own collection of actions associated with it.
  +     * The creation of the decorator action list per window will only be called once per
session.
  +     * This optimization is to avoid the expensive operation of security checks and action
object creation and logic
  +     * on a per request basis. 
  +     * 
  +     * @return A list of actions available to the current window, filtered by securty access
and current state.
  +     * @throws Exception
  +     */
       public List getDecoratorActions() throws Exception
       {
  -        List actions = new Vector();        
  -        WindowState state = getWindowState();
  -        if(state != null)
  +        RequestContext context = Jetspeed.getCurrentRequestContext();
  +        String key = getPage().getId() + ":" + this.getCurrentFragment().getId();
  +        Map sessionActions = (Map)context.getSessionAttribute(POWER_TOOL_SESSION_ACTIONS);
  +        if (null == sessionActions)
  +        {
  +            sessionActions = new HashMap();
  +            context.setSessionAttribute(POWER_TOOL_SESSION_ACTIONS, sessionActions);
  +        }        
  +        PortletWindowActionState actionState = (PortletWindowActionState)sessionActions.get(key);
  +        
  +        String state = getWindowState().toString();        
  +        String mode = getPortletMode().toString();
  +
  +        if (null == actionState)
           {
  -        String s = state.toString();
  -        if (s.equals(WindowState.NORMAL.toString()))
  +            actionState = new PortletWindowActionState(state, mode);   
  +            sessionActions.put(key, actionState);
  +        }
  +        else
           {
  -            actions.add(createAction(ACTION_MINIMIZE));
  -            actions.add(createAction(ACTION_MAXIMIZE));
  +            // check to see if state or mode has changed
  +            if (actionState.getWindowState().equals(state))
  +            {
  +                if (actionState.getPortletMode().equals(mode))
  +                {
  +                    // nothing has changed
  +                    return actionState.getActions();
  +                }                
  +            }
  +            // something has changed, rebuild the list
           }
  -        else if (s.equals(WindowState.MAXIMIZED.toString()))
  +        
  +                        
  +        List actions = actionState.getActions();
  +        actions.clear();
  +     
  +        PortletDefinitionComposite portlet = 
  +            (PortletDefinitionComposite) getCurrentPortletEntity().getPortletDefinition();
  +        if (null == portlet)
  +        {
  +            return actions; // allow nothing
  +        }        
  +        
  +        if (state.equals(WindowState.NORMAL.toString()))
           {
  -            actions.add(createAction(ACTION_MINIMIZE));
  -            actions.add(createAction(ACTION_NORMAL));            
  +            createAction(actions, JetspeedActions.INDEX_MINIMIZE, portlet.getUniqueName());
  +            createAction(actions, JetspeedActions.INDEX_MAXIMIZE, portlet.getUniqueName());
  +        }
  +        else if (state.equals(WindowState.MAXIMIZED.toString()))
  +        {
  +            createAction(actions, JetspeedActions.INDEX_MINIMIZE, portlet.getUniqueName());
  +            createAction(actions, JetspeedActions.INDEX_NORMAL, portlet.getUniqueName());
           
           }
           else // minimized
           {
  -            actions.add(createAction(ACTION_MAXIMIZE));
  -            actions.add(createAction(ACTION_NORMAL));                        
  +            createAction(actions, JetspeedActions.INDEX_MAXIMIZE, portlet.getUniqueName());
  +            createAction(actions, JetspeedActions.INDEX_NORMAL, portlet.getUniqueName());
                       
           }
           
  -        PortletMode mode = getPortletMode();
  -        String m = mode.toString();
  -        if (m.equals(PortletMode.VIEW.toString()))
  +        if (mode.equals(PortletMode.VIEW.toString()))
           {
  -            actions.add(createAction(ACTION_EDIT));
  -            actions.add(createAction(ACTION_HELP));            
  +            createAction(actions, JetspeedActions.INDEX_EDIT, portlet.getUniqueName());
  +            createAction(actions, JetspeedActions.INDEX_HELP, portlet.getUniqueName());
           
           }
  -        else if (m.equals(PortletMode.EDIT.toString()))
  +        else if (mode.equals(PortletMode.EDIT.toString()))
           {
  -            actions.add(createAction(ACTION_VIEW));
  -            actions.add(createAction(ACTION_HELP));                        
  +            createAction(actions, JetspeedActions.INDEX_VIEW, portlet.getUniqueName());
  +            createAction(actions, JetspeedActions.INDEX_HELP, portlet.getUniqueName());
                       
           }
           else // help
           {
  -            actions.add(createAction(ACTION_VIEW));
  -            actions.add(createAction(ACTION_EDIT));                        
  +            createAction(actions, JetspeedActions.INDEX_VIEW, portlet.getUniqueName());
  +            createAction(actions, JetspeedActions.INDEX_EDIT, portlet.getUniqueName());
                       
           }
           return actions;
  -        }
  -        else
  +    }
  +    
  +    /**
  +     * Determines whether the access request indicated by the specified permission should
be 
  +     * allowed or denied, based on the security policy currently in effect.
  +     *  
  +     * @param resource The fully qualified resource name of the portlet (PA::portletName)
  +     * @param action The action to perform on this resource (i.e. view, edit, help, max,
min...)
  +     * @return true if the action is allowed, false if it is not
  +     */
  +    private boolean checkPermission(String resource, String action)
  +    {
  +        try
           {
  -            return null;
  +            AccessController.checkPermission(new PortletPermission(resource, action));
           
           }
  +        catch (AccessControlException e)
  +        {
  +            return false;
  +        }        
  +        return true;         
       }
       
  -    public DecoratorAction createAction(int kind) throws Exception
  -    {
  -        DecoratorAction action = new DecoratorAction(ACTION_STRINGS[kind], ACTION_STRINGS[kind],
"content/images/" + ACTION_STRINGS[kind] + ".gif");
  +    /**
  +     * Creates a Decorator Action link to be added to the list of actions decorating a
portlet.
  +     * 
  +     * @param actions
  +     * @param kind
  +     * @param resource
  +     * @return
  +     * @throws Exception
  +     */
  +    public DecoratorAction createAction(List actions, int actionId, String resource) throws
Exception
  +    {               
  +        String actionName = JetspeedActions.ACTIONS[actionId];
  +        if (checkPermission(resource, actionName))
  +        {
  +            return null;
  +        }
  +        DecoratorAction action =  new DecoratorAction(actionName, 
  +                                                      actionName, 
  +                                    "content/images/" +  actionName + ".gif"); // TODO:
HARD-CODED .gif
  +        
           PortletEntity entity = getCurrentPortletEntity();
           
  -        // TODO: use a factory to create this object
  -        PortletURLProviderImpl url = new PortletURLProviderImpl(Jetspeed.getCurrentRequestContext(),

  -                                                                windowAccess.getPortletWindow(getCurrentFragment()));
  -        switch (kind)
  +        PortletURLProviderImpl url = 
  +            new PortletURLProviderImpl(Jetspeed.getCurrentRequestContext(), 
  +                                       windowAccess.getPortletWindow(getCurrentFragment()));
  +        switch (actionId)
           {
  -            case ACTION_MAXIMIZE:
  +            case JetspeedActions.INDEX_MAXIMIZE:
                   url.setWindowState(WindowState.MAXIMIZED);
                   break;
  -            case ACTION_MINIMIZE:
  +            case JetspeedActions.INDEX_MINIMIZE:
                   url.setWindowState(WindowState.MINIMIZED);
                   break;
  -            case ACTION_NORMAL:
  +            case JetspeedActions.INDEX_NORMAL:
                   url.setWindowState(WindowState.NORMAL);
                   break;
  -            case ACTION_VIEW:
  +            case JetspeedActions.INDEX_VIEW:
                   url.setPortletMode(PortletMode.VIEW);
                   break;
  -            case ACTION_EDIT:
  +            case JetspeedActions.INDEX_EDIT:
                   url.setPortletMode(PortletMode.EDIT);
                   break;
  -            case ACTION_HELP:
  +            case JetspeedActions.INDEX_HELP:
                   url.setPortletMode(PortletMode.HELP);
                   break;                                
           }
           
           action.setAction(url.toString());
  +        actions.add(action);
           return action;
           
       }
  
  
  
  1.2       +4 -2      jakarta-jetspeed-2/portal/src/java/org/apache/jetspeed/velocity/DecoratorAction.java
  
  Index: DecoratorAction.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed-2/portal/src/java/org/apache/jetspeed/velocity/DecoratorAction.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- DecoratorAction.java	7 May 2004 02:40:36 -0000	1.1
  +++ DecoratorAction.java	3 Sep 2004 18:23:41 -0000	1.2
  @@ -15,13 +15,15 @@
    */
   package org.apache.jetspeed.velocity;
   
  +import java.io.Serializable;
  +
   /**
    * DecoratorAction
    *
    * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
    * @version $Id$
    */
  -public class DecoratorAction
  +public class DecoratorAction implements Serializable
   {
       String name = null;
       String link = null;
  
  
  
  1.1                  jakarta-jetspeed-2/portal/src/java/org/apache/jetspeed/velocity/PortletWindowActionState.java
  
  Index: PortletWindowActionState.java
  ===================================================================
  /*
   * Copyright 2000-2001,2004 The Apache Software Foundation.
   * 
   * Licensed under the Apache License, Version 2.0 (the "License");
   * you may not use this file except in compliance with the License.
   * You may obtain a copy of the License at
   * 
   *      http://www.apache.org/licenses/LICENSE-2.0
   * 
   * Unless required by applicable law or agreed to in writing, software
   * distributed under the License is distributed on an "AS IS" BASIS,
   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   * See the License for the specific language governing permissions and
   * limitations under the License.
   */
  package org.apache.jetspeed.velocity;
  
  import java.util.List;
  import java.io.Serializable;
  import java.util.Vector;
  
  /**
   * DecoratorAction
   *
   * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
   * @version $Id: PortletWindowActionState.java,v 1.1 2004/09/03 18:23:41 taylor Exp $
   */
  public class PortletWindowActionState implements Serializable
  {
      private List actions = new Vector();
      private String windowState;
      private String portletMode;
      
      public PortletWindowActionState(String windowState, String portletMode)
      {        
          this.windowState = windowState;
          this.portletMode = portletMode;
      }
      
  
      /**
       * @return Returns the actions.
       */
      public List getActions()
      {
          return actions;
      }
      /**
       * @return Returns the portletMode.
       */
      public String getPortletMode()
      {
          return portletMode;
      }
      /**
       * @return Returns the windowState.
       */
      public String getWindowState()
      {
          return windowState;
      }
  }
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org


Mime
View raw message